pypi›sqlalchemy›CVE-2019-71649.8 CRITICALSQL Injection via order_bySQLAlchemy allows SQL Injection via the order_by parameter.
pypi›sqlalchemy›CVE-2019-75487.8 HIGHSQL Injection via group_bySQLAlchemy has SQL Injection when the group_by parameter can be controlled.